Tag: preparedness

  • Say No to Ransomware – Have a Plan!

    by David Pounder and Brett Zupan

    This post was originally informed by a TLP: AMBER FB-ISAO Weekly Cybersecurity Report distributed on 10 July 2019.


    Over the past several weeks, ransomware has been a widespread topic. However, on 02 July there was a bit of good news for a change. St John Ambulance, a “not-for-profit provider of specialist patient transport services across England,” advised customers they were “subjected to a ransomware attack.” Fortunately, having a plan in place allowed St John Ambulance to resolve the issue within 30 minutes without paying any ransom demands. While the company was “temporarily blocked from accessing the system affected and the data customers gave [them] when booking a training course was locked,” there did not appear to be any information shared or exposed. Even though the UK-based company did not have to report the incident, they still performed due diligence by advising the Information Commissioner’s Office (ICO) and the Charity Commission, as well as the police, in accordance with their established procedures. These notifications, and the speed with which they were delivered, are another indicator of strong preparedness processes in place.

    This recent report is another encouragement for non-profit organizations, especially on the heels of news about Father Bill’s and MainSpring, a Massachusetts-based non-profit homeless shelter, successfully blocking a ransomware attempt. These incidents demonstrate how, with advance planning and preparedness, organizations can recover from ransomware without having to pay costly fees to malicious actors or suffer further financial impacts. However, it is still important to note that an incident did occur; the attack was successful in that it locked out an aspect of the organization’s business and delivered the ransom demands. The difference is, as security researcher Graham Cluley noted, St John was “able to put in place emergency recovery plans to restore from unaffected backup systems. That’s in marked contrast to ransomware attacks that have hit American cities in recent weeks – which have resulted in extortionists being paid over a million dollars.” St John Ambulance’s recovery and response plan worked. But a plan on paper needs to be validated through exercises and testing in order to ensure gaps and vulnerabilities in the plan are addressed prior to implementation. In contrast, the city of Baltimore, which is still battling the effects of their ransomware attack, also opted not to pay the demands but ran into recovery challenges with an untested plan, and the financial impact has already exceeded $18 million.

    There is a lot of no-cost government and third-party guidance to help inform faith-based organizations, charities, and other non-profits what to put into a ransomware recovery plan. In general, adhering to good cyber discipline goes a long way to reducing or mitigating threats posed by ransomware. Some other key principles include FBI recommendations:

    • “Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.” This is extremely important to ensure that not only are the backups conducted, but that there are no bumps in the road when you attempt to restore them.
    • “Conduct an annual penetration test and vulnerability assessment.”
    • “Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization.” With regard to backing up data – one suggestion would be to use the “3-2-1 backup process” – 3 backups, 2 different mediums, 1 offsite.

    If impacted by ransomware, the ultimate question is: do we pay the ransom? In FBI guidance, the U.S. Government “does not encourage paying a ransom to criminal actors. However, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from backup. Ransomware victims may also wish to consider the following factors:

    • “Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.
    • “Some victims who paid the demand were targeted again by cyber actors.
    • “After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.
    • “Paying could inadvertently encourage this criminal business model.”

    Ultimately, in the event of a ransomware attack, all organizations need to have a list of pre-determined responses. This list should be established by leaders before, not during, an attack.

    • Understand the situation. What is the extent of the infection? What data is being ransomed? What decision points determine whether to pay or not to pay?
    • Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.
    • Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
    • Contact law enforcement immediately. Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.
    • If available, collect and secure partial portions of the ransomed data that might exist.
    • If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
    • Delete Registry values and files to stop the program from loading.

    RESOURCES.


    David Pounder is Gate 15’s Director of Threat and Risk Analysis. He advises on both physical and cyber security issues.  Dave spent over 20 years in the Army as an Intelligence and Security Officer, specializing in counter-terrorism, force protection, and counterintelligence efforts as well as serving in the private sector for leading financial institutions responsible for information security and mobile applications. Dave twice served in senior command positions responsible for both counterintelligence operations and investigations.  He has briefed Senior Army Leadership on intelligence and security issues and operations to include General David Petraeus and General Martin Dempsey. David was a regular guest instructor at the Department of Defense Joint Counterintelligence Training Academy in Quantico, VA.  Dave graduated from George Mason University and from the US Army’s Command and General Staff College and has served internationally to include tours in Iraq, Cuba and Qatar.

    Brett Zupan is a Risk Analyst at Gate 15 with experience in all-hazards analysis, exercise development, and information sharing. He has supported analysis, preparedness and operations for a number of critical infrastructure communities, including support to Water and Wastewater Systems Sector, the Commercial Facilities Sector, and with Higher Education in support of REN-ISAC, among other projects. Before joining the company in 2016, he worked at the Georgia State Senate. Brett received his Masters of International Relations from American University.


    Join FB-ISAO! We welcome faith-based organizations, charities and critical partners to join FB-ISAO. Access our TLP AMBER and TLP GREEN reports, join our collaborative forums, working groups, participate in leadership opportunities and take the next step in enhancing your organization’s preparedness, security and resilience!

  • Not Banking on Ransomware – Non-Profit Charities Facing Multiple Challenges After Being Impacted

    by Jennifer Lyn Walker and Brett Zupan

    This post was originally informed by the TLP GREEN FB-ISAO Monthly Threat Overview distributed on 27 June 2019.


    A series of recent ransomware incidents not only highlights just how vulnerable faith-based organizations and charities are to this type of cyberattack; these incidents also demonstrate threat actors’ interest in targeting organizations that are often less prepared for a cyber incident, and the perception that they may be more willing to pay the ransom. In Auburn, WA, servers belonging to the Auburn Food Bank, a non-profit entity serving approximately 150 families per day, were infected with ransomware on 05 June. This attack locked employees out of their files and emails. Like similar non-profit and charitable agencies, they do not have money budgeted for such events. “We are going to need help paying for this,” said Debbie Christian, Director of Auburn Food Bank. While the food bank has decided not to pay the ransom, it is estimated that equipment replacement and recovery will cost about $8,000. Indicative of a lack of backups to restore systems – in addition to requesting financial donations, the Auburn Food Bank stated they welcomed volunteers who “can type” in order to manually recreate tons of forms.

    Similarly, Father Bill’s and MainSpring, a Brockton, Massachusetts-based non-profit homeless shelter, recently announced its network became victim to a ransomware attempt in April. Thankfully, the organization’s antivirus software was able to detect and prevent the attack before it could infect any computers on the network. While there was no evidence of a data breach, due to the potential, the organization was required by the Massachusetts Attorney General’s office to send notification letters to anyone with a social security number stored in the shelter’s systems. “We’ve gone through all the proper procedures with a breach through AG’s office, and have done everything we need to do that’s required by the state to let people know,” John Yazwinski, president & CEO of Father Bill’s said. This task was made difficult as the shelter does not have a current address for 30% of the potentially affected individuals.

    Both instances demonstrate the difficulties that smaller organizations face when confronting ransomware, whether it’s dealing with the aftermath of a successful attack or an unsuccessful attempt. As noted in prior FB-ISAO reporting, ransomware attacks are re-surging and malicious actors are developing more creative ways to part organizations from their money and proprietary information. Examples include ransom notes containing a false PayPal option in addition to the standard Bitcoin payment that is actually a disguised phishing attempt to steal the victim’s PayPal credentials, adding insult to injury, or ransom notes that promise to donate the victim’s payment to a children’s charity. With these trends in mind, FB-ISAO recommends faith-based organizations, charities, and non-profit organizations be proactive in preparing for a ransomware incident before – not if – it happens. The following are suggestions for leaders to consider:

    • An ounce of prevention is worth a pound of cure. Unfortunately, Auburn Food Bank’s situation – lacking the IT budget and data backup capabilities, and so not being prepared to recover from a ransomware incident – is not unique. FB-ISAO urges members to heed these reports and begin delegating resources for cyber-related incidents, including ransomware, ahead of time. There are low-cost, reliable solutions for maintaining current and stable backups, which is the best way to recover from a ransomware infection when it happens without paying the ransom.
    • Plan for the worst, hope for the best. Budgeting is important but providing awareness of and planning for these threats with your staff does not cost any money and offers huge benefits. Reminding staff of the latest threats, such as phishing, keeps the topic on their mind and can help when encountering a potentially suspicious situation. This habit also fosters a security-aware workplace. 
    • We are stronger together. FB-ISAO recommends all organizations be proactive in preparing for a ransomware incident by searching for resources and collaborating with peers and other partners. Resources, such as KnowBe4’s Ransomware Hostage Rescue Manual, have information to help you prevent infections and recover when you are hit with ransomware. The rescue manual explores ways you may be able to potentially recover files even if you did not have a backup and includes a Ransomware Attack Response Checklist and a Ransomware Prevention Checklist. Similarly, reaching out to local peers and information sharing organizations, including FB-ISAO, can provide a vast network that offers hard-won knowledge and experience when facing a cyberattack. Depending on the relationship, some partners may be able to provide resources such as educational materials or temporary staff during a crisis.

    Jennifer Lyn Walker is a cybersecurity professional with over nineteen years’ experience supporting critical infrastructure and SLTT governments. As Director, Cybersecurity Services for FB-ISAO and Gate 15, she advises and consults on cyber threats related to homeland security for critical infrastructure and vital lifeline sectors, including WaterISAC. She is experienced in malware analysis, threat assessments, cyber threat intelligence, compliance, and cybersecurity awareness.


  • June’s FB-ISAO Monthly Threat Overview: Vandalism & Theft

    by Andy Jabbour, Managing Director, FB-ISAO

    This post was originally informed by a TLP GREEN FB-ISAO Monthly Threat Overview, distributed on 27 June 2019.


    Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. The complete physical security section includes incidents involving hostile events, vandalism, theft, harassment, arrests and other notable events. In our May report, I was struck by the remarkable number of incidents that were included, specifically in the area of hostile events. 

    This month, it was a different portion of the report that notably stood out for me – the significant incidents of vandalism and theft, which are not necessarily unique this period, though some are specific to the month. One of the areas that we observed in June was vandalism aimed at houses of worship recognizing Pride Month (June).

    “All of the faithful they should have some assurance that when they go into churches, that these places are safe” – Monsignor Edward Lohse, Vicar General with the Erie Catholic Diocese, via Erie News Now

    Chicago, Illinois: “LGBTQ Pride flags vandalized in possible hate crime at Wicker Park church.” On 25 June, The Chicago Tribune wrote, “A week before thousands of Chicagoans fill North Side streets to share love, acceptance and pride for the LGBTQ community, a Wicker Park church is moving ahead after being targeted with messages of hate. Early Sunday morning, a pride flag and transgender flag hung outside Wicker Park Lutheran Church in the 1500 block of North Hoyne Avenue were vandalized. A Chicago police spokesperson confirmed police are investigating the incident as a possible hate crime.”

    United Church of Renton, Washington State

    Renton, Washington: “FBI Offers Reward of Up to $5,000 for Information on Renton, Washington Church Display Defacement.” On 28 June, the FBI announced, “On June 19, 2019, at approximately 2:30 a.m., an unknown individual (or individuals) used explosive devices to deface an outdoor display at the United Church of Renton in Renton, Washington. The display featured multi-colored doors, each painted with a different word from the phrase ‘God’s doors are open to all.’ It is believed that the subject(s) also wrote ‘Leviticus 20:13’ on one of the doors. This display was previously vandalized during the evening hours of June 13, 2019, when parts of the display were knocked down. The display was also defaced with explosive devices at approximately 10:00 p.m. on June 16, 2019.”

    Beyond Pride Month acts of vandalism, theft continues to target Houses of Worship. From South Carolina to Virginia, and across other parts of the country, theft continues to challenge our community. 

    Loudoun County, Virginia: “Group tries to rob Virginia Buddhist temple; may have stolen from others.” On 26 June, WTOP reported, “Four people tried to rob a Buddhist temple in Sterling, Virginia, on Tuesday, and that might not have been the only temple they hit… One of the men tried to distract the abbot by asking about Buddhism and about a statue in the temple, while the other man sneaked off and went around to the office building, and the two women stole several keys from the abbot… Loudoun County Sheriff Mike Chapman said his department was working to confirm reports that the same group had robbed Buddhist temples in Maryland and North Carolina.”

    Bethune, South Carolina: “‘We estimate that we have over $38,000 worth of losses.’ Bus among other items stolen from Bethune church.” On 27 June, WLTX19, CBS, wrote, “Sometime Tuesday evening a church in the town of Bethune was broken into and thousands of dollars of valuables were stolen including their church bus. The pastor of the Bethune Baptist church Scott Bernshausen said, ‘I came out and found the bus was stolen… We entered the building and realized that the burglars had broke in and stolen multiple TVs and electronic equipment throughout the church.’ Church member Robert Horton had just been at the church around 9 p.m. Tuesday night, ‘the neighbor said maybe this happened between 9 and 10. So you never know when somethings going on or when someone could be watching what you’re doing.’”

    Last week, this post’s author had the opportunity to visit with a church leadership team to discuss hostile events preparedness. With Board of Trustees members having watched an FB-ISAO presentation on Hostile Events (see this month’s FB-ISAO newsletter for info on the next session), recently attending local law enforcement training, and after talking with police and fire personnel, the church wanted to discuss ways to approach security and to minimize risks. Among the ideas discussed was the importance of basic facility hardening. Not every facility can have robust security measures, but it is important to have something – whether human patrols, security cameras, public address systems, mass notifications capabilities, the cloud-based Geoaware® platform being offered **at no cost** to FB-ISAO Pro Members by our friends at Vizsafe, or other measures. Hardening and a complete preparedness program don’t happen overnight, but can be approached in manageable steps, respecting time, resources and an assessment of risks (read a great article on preparedness from Homeland Security Today, “Hard Conversations About Soft Targets: DHS Workshop Aims to Save Lives in Mass Shootings” [28 Jun]).

    “I recognize that investments don’t happen overnight… Are we building security, redundancy and resiliency into our budgets, or are we just being reactive to everything? …we will not get any better during a crisis — we will fall back to our training.” Assistant Director Brian Harrell, Assistant Director for Infrastructure Security, DHS Cybersecurity and Infrastructure Security Agency (CISA), in HS Today

    In the case of the South Carolina church noted above, the church stated that, “We do have a security system and currently it’s with the burglars. We had just purchased a security system and we just formed a security team but before we could get the security system in, it actually got stolen by the burglars.” In Virginia, the temple has security cameras installed and operational, and the Sheriff’s Office is reviewing and sharing footage with authorities in the other areas, according to WTOP. Two other recent incidents also demonstrate how cameras, which can help deter some crimes and attacks, can at least help inform post-incident investigations:

    Erie, Pennsylvania: “Erie Church’s Security Measures Help Police Track Down Attacker.” Erie News Now reported on 01 July, “The victim fought off her attacker, and he left, but not before he was caught on the church’s surveillance cameras. Erie police released a picture of the suspect, along with his physical description on social media. By nightfall, Erie police identified the man as Josue Mendez, 25, and arrested him, ‘The presence of the surveillance cameras at St. Joseph’s was certainly a help in this case,’ said Msgr. Lohse.” And in another Pennsylvania incident, “Police investigating after break-in at Northampton County church” (WFMZ, 01 July).

    And in addition to cameras, the importance of threat reporting and information sharing cannot be overstated. Beyond vandalism and crime, our community must always be ready for the possibility of hostile attackers. From WHTC in Michigan, 01 July: “Police were called at about 10 a.m. with the report of a suspicious incident at a church, which Mulder did not identify. The dispatcher was told by the church’s security official that a man made a comment about having a shotgun in his vehicle, and was headed to another church…”

    Threats exist – right now, today. We need to take reasonable actions – today. Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places? FB-ISAO will be providing our next offering of the Hostile Events Preparedness Series educational presentation on 25 July. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event. 

    The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report, it is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here).

    Vandalism and Theft Incidents, for period from 23 May-25 June 2019.

    • In early June in London, Ontario, vandals scrawled an offensive message on the sidewalk outside of a mosque. Pictures of the graffiti were taken immediately, and police were called.
    • In early June in Germany, three mosques suffered assaults over a two day period. At one mosque, a right-wing group desecrated the mosque walls with graffiti that said, “get out.” In Hessen, vandals threw rocks at a mosque. Finally, at a mosque in Bremen, a copy of the Quran was set on fire. Police said they were investigating the attacks and expected to arrest the perpetrators soon.
    • On 8 June, the results of a British survey revealed that criminal gangs are increasingly turning to metal theft, including from church roofs. The survey found there were on average 37 reports of lead theft from churches in Britain each month. Security experts have warned that the thieves will often get violent if confronted.
    • On 6 June in Bergen County, New Jersey, a swastika was found etched into a classroom wall at a high school. It was the second such incident in the span of two weeks. On 28 May, a swastika was discovered on the wall of a bathroom shared between the high school and middle school. Local police are investigating, but they don’t have much evidence to go on, law enforcement said.
    • On 6 June in Tulsa, Oklahoma, a man was arrested after he was caught on video smashing a church’s windows. The church sustained $1,000 worth of damage as a result. Police say the man told them he had no reason for the vandalism, other than that he was drunk.
    • On 6 June in South Derbyshire, England, thieves broke into a church and stole money from charity collection boxes. Police appealed for witnesses to come forward.
    • On 2 June in Cardiff, Wales, two men were arrested after they broke into an Islamic community center. No one was hurt as a result of the break-in.
    • On 30 May in Florence, South Carolina, a pastor pleaded guilty to bank fraud and identity theft, having used his job as a bank manager to get loans and lines of credit for elderly customers and launder the money through his church. He used the money obtained through two customers to pay for rental cars, a home security system, and hotels in Myrtle Beach. He also closed a $50,000 certificate of deposit belonging to one of the elderly victims and made payments on his delinquent mortgage. The pastor tried to hide his financial doings by depositing some of the bank money in the church’s operating account and withdrawing it for his own use. He opened an account in the church’s name at a bank and disguised a $28,500 loan withdrawal as a donation from the elderly victim. The pastor faces up to 30 years in prison and a $1 million fine for bank fraud and a mandatory two-year term for aggravated identity theft.
    • On 29 May in Anaheim, California, a man broke into a church and stole electronics and religious items. Security footage showed a man breaking into the church and stealing two iPads, a laptop, a projector, and a microphone. The suspect also damaged property inside of the church. The police department said they had not seen any evidence that would point to the burglary as a hate crime.
    • On 29 May in Lake Charles, Louisiana, acts of arson and vandalism were perpetrated against a church. Security cameras captured a suspect approaching the building with a five-gallon bucket of possible flammable liquid. The suspect allegedly attempted to get into the church by kicking in the glass doors. Unable to gain entry, police say the suspect then can be seen breaking out a side window on the church and throwing the bucket of liquid into the building. The suspect allegedly made multiple trips to the broken window, throwing lit items into the building.
    • On 28 May in Austin, Texas, it was reported that a sign for “Muslim Space,” an Islamic institution, had been defaced with Islamophobic language and obscenities. The Austin chapter of the Council on American-Islamic Relations (CAIR-Austin), the nation’s largest Muslim civil rights and advocacy organization, asked police to investigate the incident.
    • On 28 May in Bellmead, Texas, a man broke into a church and stole two security cameras. The man entered the church through an unlocked window. At that time, he took a security camera and batteries for the camera. He also took a box containing keys to every door at the church. The following morning, he returned to the church and attempted to enter the front door using the keys that he took the night before. The alarm scared the man off, and he took another camera as he left. He was eventually arrested by police.
    • On 23 May in Staten Island, New York, anti-Semitic graffiti was found written on the external walls of a synagogue. The graffiti said, “synagogue of Satan.” Meanwhile, at a Jewish school across the street, the letters “SOS” had been written. A spokesman for the synagogue said security would be increased. Police said they were aware of the incident and were investigating. 
  • Multi-Faith Targeted Violence Roundtable Meeting at the FBI

    Mayya Saab, of the Faith-Based Information Sharing and Analysis Organization (FB-ISAO) had the honor of attending the Multi-Faith Targeted Violence Roundtable meeting at FBI Headquarters on 18 June 2019. This was a meeting between leaders of faith-based organizations (FBOs) and members of government, who are given the difficult task of preventing bias-based attacks on religious institutions. Safety of houses of worship is a mammoth task and one that government cannot do alone, so the task requires close collaboration between government, faith-based leaders and the community. Representatives from the Christian, Muslim, and Jewish faiths included leaders from the Christian Emergency Network, Secure Community Network and the Muslim Public Affairs Council.

    There were multiple presentations such as:

    • Counterterrorism and Criminal Investigative Divisions Threat Briefs
    • Communal Response to Mass Casualty Incidents
    • Pre-Attack Behaviors of Active Shooters

    Especially poignant were presentations on lessons learned from the Sutherland Springs Church Shooting. During that presentation, a deep discussion on the assailant’s behavior leading up to, and including, the day of the shooting took place. Another presentation covered the Oak Tree Temple Shooting. This presentation was particularly personal for the FBI agent who responded to the event since the Oak Tree Temple was his house of worship and some of the victims were his family members. There was a discussion about the effect of these types of incidents on law enforcement personnel. On multiple occasions, attendees expressed gratitude to law enforcement for their work on protecting houses of worship.

    The FBI provided information about the current threat environment. Here are some key points for the community to note:

    • Most perpetrators of crime against religious institutions are males between the ages of 19-25
    • As of late, violence comes first (that is, an act is committed) and then the perpetrator picks an ideology after the attack
    • There were 66 cases of domestic terrorism in the first half of 2019 as compared to 115 in all of 2018
    • Domestic Terror Groups are less threatening than individuals based on reported cases of domestic terrorism
    • The internet and gaming are contributors to violent behavior
    • The average planning phase for a violent crime is 1-2 months
    • The average preparation phase for a violent crime is less than 24 hours
    • Most perpetrators of violence have bought their weapons legally

    The FBI and DHS issue and maintain multiple products designed to inform and educate FBOs and individuals on what they can do to prepare for hostile events. Here are publications that were specifically referenced during the meeting:

    What can an FBO do?

    • Reach out to local law enforcement and establish relationships
    • Start preparing an emergency plan. There are many resources available to help an FBO prepare for an emergency – which planning document you use depends on preference
    • Join FB-ISAO. FB-ISAO issues reports to help FBOs mitigate risk and to become more resilient. FB-ISAO also encourages collaboration between members so that they can learn from each other. Members can also share best practices and support each other’s preparedness activities

    The meeting concluded with a deep commitment to public-private partnerships – that is, partnerships between government and private organizations, like FB-ISAO. Also affirmed was the need for greater communication and collaboration between government and faith-based groups. Although this meeting was the first of its kind, it is expected that there will be future meetings to follow up on action items and to establish an ongoing dialogue between government and faith-based leaders and their communities.

  • Hostile Events: A Real & Ongoing Threat to Faith-Based Organizations

    by Andy Jabbour, Managing Director, FB-ISAO

    Every month, FB-ISAO provides a TLP GREEN report, the FB-ISAO Monthly Threat Overview. The report is developed over a specific reporting period by a team of analysts. The report addresses all-hazards – to include physical, cyber, natural hazards, and health threats. Reviewing the draft of the most recent report, finalized and distributed on 24 May and covering the period from 25 April – 22 May 2019, I was amazed by the remarkable number of incidents that were included. 

    Addressing the area of hostile events, the report notes, “The persistence of domestic arrests, incidents, and continued jihadist and other extremist rhetoric remains a direct threat to the Faith-Based Organizations (FBOs). We continue to consider the threat of lone actor or a small group of extremists to be a credible threat. Over the past month, there were several events and arrests that continue to serve as reminders of the continuous physical security threats facing the sector.” 

    “Our right to worship freely and without fear is fundamental to life in America.”

    Renn Cannon, Special Agent in Charge of the FBI in Oregon

    The complete physical security section includes incidents involving vandalism, theft, harassment, arrests and other notable events. But it was the section covering Active Shooter & Hostile Events that jumped out at me. An excerpt from that section follows. I encourage you to review the list of incidents and let that sit with you for a few moments. 

    Is your organization properly, reasonably, and responsibly addressing the risks you are facing? Are you actively working on preparedness and operations to protect and prepare your people and places?

    FB-ISAO will be providing our second offering of the Hostile Events Preparedness Series educational presentation on 20 June. It is free, and only costs you an hour and a half of your time. Contact our team for more information on that event. Consider joining FB-ISAO, tying in to our growing community of security-focused faith leaders and helping to enhance the security and resilience of your FBO and our collective community of faith. As recently stated by Renn Cannon, Special Agent in Charge of the FBI in Oregon, “Our right to worship freely and without fear is fundamental to life in America.” Are you doing everything you can to help protect and prepare your people and places so all Americans, and those within our borders, are able to “worship freely and without fear?”

    The complete FB-ISAO Monthly Threat Overview goes into additional incidents, other threat vectors and provides resources for members. As a TLP GREEN report, it is available to all Standard and Professional members, as well as our Government and Law Enforcement members (read more on membership here). 


    Active Shooter & Hostile Events, for period from 25 April – 22 May 2019.

    • Over the weekend of 18 to 19 May in Chicago, Illinois, separate incidents of attempted arson and vandalism occurred at local synagogues. Worshipers who arrived at one synagogue Sunday morning discovered broken glass and charred black rags outside the building. Police later confirmed that an unknown assailant twice attempted to set the building on fire around midnight on Saturday. No one was injured and there was no damage to the synagogue. Police were also investigating vandalism outside several synagogues in the city’s West Rogers Park neighborhood, where the windows of cars parked outside the building were smashed early Sunday morning.
    • On 15 May in Kalamazoo, Michigan, a fire destroyed a church. It took two dozen firefighters over four hours to douse the fire. The building is a total loss, and a home next door suffered exterior damage from the intense heat. The fire marshal didn’t yet know what sparked the fire; federal agents joined the investigation.
    • On 12 May in New Haven, Connecticut, a fire broke out at a mosque that is still under construction. Officials said they believe the fire was intentionally set. The fire started on the first floor of the building and spread to the second level.
    • On 12 May in Dablo, Burkina Faso, gunmen killed six people, including a priest, as Mass was being celebrated in a church. The attackers, said to number between 20 and 30, then burned down the church. The town’s mayor said there was panic as other buildings were burned down and a health center looted. As noted below, a Protestant church was attacked in Burkina Faso on 28 April, resulting in the deaths of a pastor and five congregants. Islamist groups have been blamed for a number of attacks in the West African nation in recent years.
    • On 11 May in Arlington, Massachusetts, a fire was set outside the home of a rabbi that serves at a Jewish center. The incident is being investigated as a hate crime. Police asked for the public’s help in identifying a person caught on a neighbor’s video camera walking away from the home around the time of the fire. Firefighters put out the small fire that burned the shingles of one side of the building. Police and town officials have no evidence yet that the location or its Jewish homeowners were targeted because of their religion, but “are leaving open and actively investigating the possibility of a hate crime.” On 16 May, another fire was set at the Jewish center. The fire, which was on the home’s exterior wood shingles, was small, and firefighters were able to put it out using a hand-held extinguisher. 
    • On 10 May in Couva, Trinidad, a 57-year-old businessman was killed inside a mosque, although the country’s attorney general said the incident should not be labelled as an act of terrorism nor a hate crime. Eyewitnesses said the businessman was mingling with fellow Muslims outside the mosque when he was approached by a gunman. He then ran up a flight of stairs and into a prayer room, where he was killed.
    • On 9 May in Charlottesville, Virginia, a hit and run occurred near a mosque. Police said a dark-colored sedan struck a man’s arm while he was walking along the street. Another member of the mosque claims a car with the same description swerved at her while she was walking to the mosque earlier the same week, but at the time she did not think anything of it. The mosque had been bolstering its security measures in previous months.
    • On 9 May in London, England, a man fired a shot outside a mosque during evening prayers for Ramadan. The man was reported to have entered the mosque but was “ushered out” by those inside, police said. A shot was heard shortly after. Police said there were no injuries and they were not treating it as a terrorist incident. They said they believed the shot came from a blank-firing handgun. One theory police are considering is that the gunshot followed a dispute linked to gangs or criminality which started in the street and then moved into the mosque.
    • On 6 May in Brooklyn, New York, a Hasidic Jewish man was assaulted in an unprovoked attack. Without saying a word, one of the men walked up to the victim and punched him in the face. Another suspect yelled anti-Semitic slurs at the man. The group fled the area. The man was not seriously injured.
    • On 6 May, French police arrested a 16-year-old in Strasbourg, France for actions in conjunction with a plot to attack security forces and possibly the Elysee Palace. This arrest is in connection to the arrests in April of three adults and one teenager who had allegedly planned an attack “to coincide with the start of the Muslim holy month of Ramadan… with officials saying the suspects had scouted out areas near the Elysee and a police station in the Parisian suburb of Aulnay-sous-Bois.” French authorities believe this individual published a video pledging allegiance to the Islamic State.
    • On 28 April in Cincinnati, Ohio, a family of four Sikhs were shot and killed inside their apartment complex. Locals in neighboring apartments said they heard a barrage of gunfire, which forced them to rush out on the streets. However, the alleged killer had fled from the spot. Local police launched a probe into the attack, which is as of now being suspected as an act of “hate crime.” 
    • On 28 April in Burkina Faso, unidentified gunmen killed a pastor and five congregants at a Protestant church, the first attack on a church in a country that has seen an upsurge of Islamist violence this year. Burkina Faso, which boasts of a history of religious tolerance, has been beset by a rise in attacks as groups based in neighboring Mali seek to extend their influence over the Sahel, the arid scrubland south of the Sahara. The government declared a state of emergency in several northern provinces bordering Mali in December because of deadly Islamist attacks, including in Soum, the region where Sunday’s attack took place.
    • On 27 April near San Diego, California, a shooter who appears to have posted an open letter riddled with anti-Semitism and racial epithets opened fire at a San Diego County synagogue on the last day of Passover. Police said the man opened fire with a rifle, killing one woman and wounding a girl and two men, including a rabbi. Police said the shooter left after his rifle possibly jammed and was fired upon as he fled by an off-duty Border Patrol agent working as a synagogue security guard; the agent struck the getaway car but did not wound the man. A San Diego police officer en route to the synagogue heard details on the radio and confronted the suspect where he had pulled over along the road near Interstate 15. Officials said he surrendered without incident and a rifle was discovered on the front seat.
    • On 26 April in Los Angeles, California, a man deliberately drove a vehicle into a crowd of people, doing so because he thought they were Muslim, police said. Eight people were injured in the incident, including three members of the same family. A lawyer for the man said the incident “was clearly the result of a mental disorder”, and he would seek psychiatric treatment for his client, who he described as a military veteran possibly suffering from PTSD.
    • On 23 and 25 April in Bethlehem, Pennsylvania, fires were set at a church. The first fire built a thick, black smoke cloud around the building, but had burned out by the time authorities arrived. It was ruled arson by the Bethlehem city fire marshal. The motive was unclear, according to a statement from the Bethlehem police, but the fire appeared to have been started in the sanctuary area of the church. Then, just two days later, firefighters were at the church again, extinguishing a blaze which was contained to the roof of the structure, right above the sanctuary area. By 26 April, police had arrested a man in connection with the fires, charging him with arson, burglary, and criminal trespass.
    • On 23 April in Austin, Texas, a man attempted to commit arson at a mosque. He was captured on security video just after midnight pouring what appears to be gasoline on the side of the building and then attempting to light the fluid. The mosque was the target of repeated vandalism last fall. It hired an armed security guard after tires were slashed and the building’s front doors and windows were shattered in September.
    • On 22 April in Sri Lanka, a van parked near a church that was bombed on Easter Sunday exploded; no injuries have been reported. Police went to inspect the van Monday after people reported it had been parked near St. Anthony’s Shrine since Sunday. They discovered three bombs that they tried to defuse. Instead, the bombs detonated, sending pedestrians fleeing in panic.
      • On 7 May, it was reported that there have been increasingly violent clashes in Negombo, the site of St. Sebastian’s Church (one of the three churches that was bombed on Easter), with mostly-Catholic mobs attacking and vandalizing Muslim-owned shops, homes, and vehicles. Negombo suffered the highest death toll in the Easter Sunday attacks. The bomb at St. Sebastian’s killed more than 100 worshippers. The violent attacks prompted Sri Lanka’s Roman Catholic Church to call for the hostility against Muslims to end.
      • On 2 May, Sri Lanka’s Catholic Church said it would not resume Sunday services as planned on May 5 after the government warned of more possible attacks by an Islamic State-linked group. It was the second week following the attacks in which the Catholic diocese canceled services. Instead of public services the first Sunday after the attacks, the cardinal delivered a homily at his residence that was broadcast live on television.
      • On 12 May, Sri Lanka’s Catholic Church held the first regular Sunday Mass since the attacks. Military forces and police armed with assault rifles patrolled the streets leading to churches and stood guard outside the compounds. Everyone entering was required to produce identity cards and be body searched. Volunteers were stationed at the gates of churches to identify parishioners and look out for any suspicious individuals. Parking was banned near the churches and officials urged worshippers to bring only minimum baggage.
      • On 29 April, Sri Lanka announced a ban on Muslim women wearing face veils. Although the niqab and the burka, which are worn by Muslim women, were not specifically named in the ban, any face garment which “hinders identification” is no longer permitted to ensure national security, the president’s office said.
      • On 23 April, the Islamic State claimed credit for the bombings. Independent media groups that produce posters and videos supporting the Islamic State have used the attack to push for more jihadist operations. One poster depicts a jihadist with dark blond hair in military fatigues entering a bombed-out church: “O worshippers of the Cross you will not enjoy your living, you have opened up the gats of hell to yourselves by waring [sp] us, so wait for what will embitter your life, and what is coming is more bitter and more disastrous.”
      • As reported in the Monthly Threat Brief for April, on 21 April coordinated suicide bombings occurred at three churches and three hotels in Sri Lanka, killing approximately 250 people and injuring at least 500 more. The three churches, all of which were conducting Easter services at the time of the explosions, are located in the cities of Colombo, Negombo, and Batticaloa. The three hotels targeted by the bombings are all located in Colombo, Sri Lanka’s capital, and are popular with foreign tourists and the country’s business community.
    • On 21 April in San Diego, California, members of a church tackled a woman carrying a baby and handgun as she threatened to blow up the building. San Diego Police arrived within two minutes of the first call and took the woman into custody, the department said in a statement. Churchgoers were able to take the baby from the woman’s arms and pry the gun from her hands before tackling her to the ground. A bomb-sniffing dog found nothing in a sweep of the building and the suspect’s car, police said. Police said her gun was not loaded.
    • On 16 April in Winnipeg, Canada, an employee of a café was attacked and the inside of the building was spray-painted with a swastika in what was described as an anti-Semitic attack. A local church was planning a vigil to support Winnipeg’s Jewish community after the incident.
  • Working Groups: One of the Cornerstones of an Effective ISAO

    By Andy Jabbour

    As FB-ISAO transitions to our membership model, we’re excited to also begin our working group collaboration and Slack member channels. Collaborative groups are essential to a successful ISAO and our working groups will be a vital part of that for FB-ISAO. As we begin this next phase in FB-ISAO’s maturity, we are establishing five initial Working Groups (WGs). What follows are overviews of these initial WGs and an explanation of some of the ways members can use Slack as a means of participating in the working groups.

    Working Groups. WGs are ongoing collaborative groups comprised of FB-ISAO members and staff focusing on specific areas that are important to enhancing FB-ISAO’s capabilities and the ways in which our organization can support members’ threat and risk awareness, preparedness, security, and operations. WGs are co-chaired by FB-ISAO staff and FB-ISAO members. Initially, we are establishing WGs as follows:

    • Cyber Threat Intelligence;
    • Business Resilience;
    • Threat and Incident Response Group;
    • Preparedness;
    • Communications; and,
    • Outreach & Engagement

    Additional WGs may be developed over time based on needs our staff identify or at the request of members and the approval of our Advisory Board. FB-ISAO Professional Members may join most WGs so long as they meet the criteria established by that WG (those requirements will be developed by each WG). Brief descriptions of our initial WGs follow.

    Cyber Threat Intelligence. The CTIWG will focus on identifying information security / cybersecurity-related threats relevant to the community and the associated risks, helping to inform the FB-ISAO cybersecurity threat level, developing actions members can consider given a specific threat level, and other activities relating to enhancing the awareness, security and resilience of our members and community, during both routine operations and during incidents relevant to the community. Members may also help inform FB-ISAO staff efforts relating to cybersecurity analysis, reporting, and services. The CTIWG may help vet physical security-related ideas and initiatives from members and staff. Some issues and concerns crossing over from or into other domains, such as blended threats, may be addressed in collaboration with the BRWG.

    Business Resilience. The BRWG will focus on identifying non-cybersecurity-related threats – those pertaining to man-made threats, natural hazards and health issues – relevant to the community and the associated risks, helping to inform the FB-ISAO physical threat level, developing actions members can consider given a specific threat level, and other activities relating to enhancing the awareness, security and resilience of our members and community, during both routine operations and during incidents relevant to the community. Members may also help inform FB-ISAO staff efforts relating to analysis, reporting, and services. The BRWG may help vet physical security-related ideas and initiatives from members and staff. Some issues and concerns crossing over from or into the cyber domain, such as blended threats, may be addressed in collaboration with the CTIWG.

    Threat & Incident Response Group. During active threats, incidents, or for other issues identified by FB-ISAO staff, FB-ISAO may convene joint meetings of the CTIWG and BRWG under the banner of the TIRG.

    Preparedness. The PWG will focus on both collaboration among members relating to facility and operational preparedness, as well as helping to inform and develop FB-ISAO-led preparedness events, such as exercises. Members may also help inform FB-ISAO staff efforts relating to analysis, reporting, and services and may be asked to assist in the development of input to assist the CTIWG and BRWG.

    Communications. The CWG will focus on ensuring effective communications and reporting, both internally from FB-ISAO to members and among members, and externally with FB-ISAO partners. This may include reviewing reports, formats, organization and appearance, as well as reviews of the traffic-light protocol and other communications related activities.

    Outreach & Engagement. The OEWG will focus on increasing awareness of FB-ISAO among our community of FBOs and partner organizations. The OEWG may develop campaigns to increase awareness and engage the community, identify events to help raise awareness and interest in FB-ISAO, and consider member engagement to help ensure FB-ISAO members are being afforded ample opportunities to be involved with FB-ISAO.

    In addition to WG activities, Professional Members are strongly encouraged to actively participate on FB-ISAO Slack. Initial channels in Slack have been set up to facilitate some initial information sharing and awareness, such as the feed informed by the content in the Faith-Based Journal (FBJ) and general channels. Additional channels support WG communications and are where WG collaboration will primarily occur. However, additional channels may be set up to support any number of interests members have, from topical groups focusing on issues and concerns members have, to geographic groups, to groups based on size or specialty (charities, houses of worship, or those with personnel operating internationally), to just-for-fun groups based on member interests. Pro members can request FB-ISAO establish channels anytime! Learn more about our membership levels: https://faithbased-isao.org/membership-levels/

    “Sounds Interesting, But How Much Time Does This Require?” That may be a question you’re asking, and a fair one! Our WGs will typically meet for monthly virtual meetings. These will be opportunities to check in, update progress or outcomes of various projects and initiatives and to discuss relevant issues. We ask all WG members to participate in at least two out of three meetings per quarter. Co-Chairs will be more involved, helping to guide the group, set the agenda, and ensure progress is being made on various WG activities. Some WG members may volunteer to lead or support WG efforts, but that will be optional. Our goal is to keep the burden light but to also ensure we have effective means for members to get involved and help shape FB-ISAO’s efforts and to really be a part of building the security and resilience of the community of faith.


    Our “big vision” is to connect every FBO to FB-ISAO to allow for a means for peer engagement and, in the event of an urgent communication for our community, a means by which we can get that out. While we recognize that for many, Basic and Subscriber-level Membership will suffice, we hope you may find interest in a more active Professional Membership and being an active participant in shaping the activities and efforts of FB-ISAO and our community. FB-ISAO is you! And only your participation can make it great!

  • Responding to Christchurch

    TL;DR: Leaders are encouraged to respect the horrible tragedy in New Zealand and the potential for copycat, inspired, or retaliatory attacks by extremists. At this time, FB-ISAO is unaware of any specific or imminent threat towards US Faith-Based Organizations (FBOs); however, in light of today’s incident, we are modifying our current physical threat level assessment.

    Physical Threat Level. FB-ISAO has assessed the general Physical Threat Level for US Faith-Based Organizations as “GUARDED.” As per FB-ISAO’s definitions of the Cyber Threat Levels, “GUARDED” means FB-ISAO is unaware of any specific threats but a general risk of incidents exists. Note: While we do not assess that there is a significantly elevated threat at this time and are not increasing the threat level to “ELEVATED,” FB-ISAO considers this period following a significant extremist attack upon a place of worship as a period of heightened concern. During this time, extra consideration should be given to organizational security and preparedness.

    This assessment has been developed by FB-ISAO and is our general, nationwide, threat assessment for the US community of faith. As always, for local threat information, members are encouraged to work closely with neighborhood partners, local law enforcement, state and local fusion centers, local FBI field offices, DHS Protective Security Advisors and other local experts and responders.


    Earlier today, in Christchurch, New Zealand, a horrific attack left at least 49 individuals dead and approximately 20 seriously injured. The coordinated mass shootings were conducted at two separate mosques, with reports of 41 individuals killed at the al Noor mosque and seven more at the Linwood mosque. Four individuals have been taken into custody – three men and one woman. There is an open investigation and additional details will be forthcoming. So far, a 28-year-old male has been charged with murder. There is abundant information on this attack in today’s Faith-Based Journal – see the WORLD and #CHRISTCHURCH Sections for links; some of which have been included below. The nature of the attackers’ extremism and radicalization, the deliberate planning of the attack, and other key aspects will be further explored and distributed to members in a TLP AMBER follow-on report next week. 

    This morning, DHS communicated a message to Faith-Based organizations from Mr. Brian M. Harrell, the Assistant Director for Infrastructure Security. In that message, Mr. Harrell states, “As the Assistant Director for Infrastructure Security within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), I implore you to reflect on today’s attack, and determine how we can collectively better prepare for and mitigate the impacts of a similar incident here in the Homeland. It has been demonstrated in recent attacks such as at the Tree of Life Synagogue in October 2018, that violent extremism is present in our nation and we must learn from previous incidents and apply best practices to avoid impacts to the core of the American way of life. As I mentioned in my February 2019 letter, CISA is steadfast in its commitment to supporting the faith-based community in enhancing security in a manner that still maintains the unique and open environment that places of worship provide to their parishioners.” The complete message was distributed with this DHS resource: The Securing Soft Targets and Crowded Places Resource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessible to large numbers of people and that have limited security or protective measures in place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.”

    Attachments:

    • Security of Soft Targets and Crowded Places Resource Guide (4.62 MB)
    • Soft Targets and Crowded Places Security Plan Overview (698.37 KB)

    There has not been a National Terrorism Advisory System (NTAS) alert and one is not expected. However, as local jurisdictions assess the threat, several major metropolitan areas are increasing security around places of worship. As this post is being written, a number of additional updates have been made relating to increases in local security at FBOs both internationally (France, the UK, Australia, and others) and in the United States, including New York, Chicago, Pittsburgh, Atlanta, Philadelphia, Portland and the Pacific Northwest, as well as in Massachusetts, Arizona, and other parts of the country. Much of this activity is expectedly focused around mosques, but given the potential for copycat, inspired, or retaliatory attacks by extremists, FBOs of all faiths are strongly encouraged to engage with local fusion centers and law enforcement, and to talk to other local FBOs. Regardless of belief system, now is an important time to share information concerning reports or behaviors with local places of worship and other FBOs – threats that may seek to attack one facility or type of target may shift to secondary or additional targets for a variety of reasons.

    Adding some recent historical context, the AP reported earlier on the sad list of attacks at places of worship over the last decade. Excluding the incidents in Afghanistan, Pakistan, and the Middle East / North Africa, the list is still remarkably long:

    • 05 Aug 2012: Six members of the Sikh Temple of Wisconsin, in Oak Creek, are fatally shot by a white supremacist, Wade Michael Page. Page was shot by a responding officer and later killed himself.
    • 17 Jun 2015: Nine black worshippers including a pastor are killed by Dylann Roof, a 21-year-old white supremacist, after he prayed with them in Charleston, South Carolina. Roof was convicted of federal hate-crime and obstruction-of-religion charges and sentenced to death.
    • 29 Jan 2017: A gunman killed six men during evening prayers at the Islamic Cultural Centre in Quebec City. Alexandre Bissonnette pleaded guilty to first-degree murder and attempted murder charges and was sentenced to serve 40 years in prison before being eligible for parole.
    • 05 Nov 2017: Dressed in black tactical-style gear and armed with an assault weapon, 26-year-old Devin Kelley opened fire at the First Baptist Church of Sutherland Springs, Texas, killing 26 people and wounding about 20 others.
    • 27 Oct 2018: A gunman believed to have spewed anti-Semitic slurs and rhetoric on social media entered Tree of Life Congregation synagogue in Pittsburgh and opened fire, killing 11 and wounding six, including four police officers.
    • 27 Jan 2019: Two suicide attackers detonate two bombs during a Mass in a Roman Catholic cathedral on the largely Muslim island of Jolo in the southern Philippines, killing 23 and wounding about 100 others. Three days later, an attacker hurls a grenade in a mosque in nearby Zamboanga city, killing two religious teachers.
    • 15 Mar 2019: At least 40 people are killed in an attack at mosques in the New Zealand city of Christchurch.

    While our immediate concern is the coming few days, the long view extremists take is important to understand, as is the planning cycle. The New Zealand attacker was at least partially inspired by a trip to France two years ago. CNN reports on the FBI’s observed uptick in US domestic terror arrests – “with nearly 25 arrests in the first quarter of fiscal year 2019, it’s one of the ‘highest arrest tempo quarters in the last few years’ related to domestic terrorism. The domestic terror arrests include but are not limited to far right/white nationalists…” Our sad reality is the threat to FBOs is real, and enduring. Members need to take action for today, and properly plan and prepare for tomorrow.

    Among other activities, in the weeks ahead, FB-ISAO will be:

    • Continuing development and distribution of TLP GREEN and AMBER products to members via non-public postings and communications. An additional partner report will be shared later today with members currently participating in FB-ISAO Slack.
    • Establishing the member secure portal (near completion now).
    • Adding members to working groups and topical channels in FB-ISAO Slack (for Professional level members).
    • Beginning our free, regular offering of Hostile Events Preparedness Series education via webinar, to help educate FBOs on the threat environment, and start the process of preparedness.
    • Commencing distribution of our series of reports on the Hostile Events Attack Cycle (HEAC) to help members increase their understanding of the process would-be attackers typically follow whilst planning an attack.

    In the meantime, FBOs are encouraged to review basic response procedures such as responding to a bomb threat and safely evacuating a facility, and other appropriate basic preparedness.

    As observed this morning, “For a long time (New Zealand) has assumed that this extremism is not here, but it is.” Many times we take on the “it won’t happen here” mentality. That is not a responsible mentality. We do need to take a measured assessment of risks, and do not want to be alarmist or reactionary, but we also need to be reasonably responsible and care for those we invite and employ at our FBOs. If you have questions or other needs for assistance, please feel free to contact our team. We hope you’ll also review our membership page and consider joining FB-ISAO as we complete our transition to our new membership model.

  • Why Join FB-ISAO? Experts Emphasize the Importance of Participating in Information Sharing Organizations

    As FB-ISAO completes the final actions to transition from our Initial Operating Capabilities to our Membership Model and enhanced services and capabilities, one of the things we’re most excited about is the opportunity to enhance member collaboration and information sharing through a number of means that will be available.

    Is collaboration really important? Absolutely. FB-ISAO is not intended to serve as a unidirectional intelligence and information provider. While we have and will continue to share FB-ISAO developed and partner reports, alerts and analysis, a truly successful level of maturity and capability will only be attained when members become collaborators and help enhance, refine and improve our capabilities, and begin to effectively share information with one another and appropriate partners.

    As CyberScoop’s Sean Lyngaas wrote shortly after our initial Press Release on the establishment of FB-ISAO, “When it comes to protecting faith-based organizations from hackers, divine intervention will only get you so far. Congregations, like any other collection of people, can benefit from trading threat intelligence...” While focused on cybersecurity, the truth in that statement is applicable across the all-hazards threat environment and is underscored in a number of recent posts and discussions, including:

    The Cipher Brief: “Collectively embracing the idea that companies and sectors no longer exist in siloed architectures will be a major step forward in facilitating an environment where intersecting strategies can emerge that transform this weakness into a strength. The first step organizations can take is to join in the current dialogue within the community through DHS’ Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).” While ISACs and ISAOs, like FB-ISAO, aren’t actually DHS entities, but rather, closely working partners, the emphasis on the importance of organizations taking that first step is critical.

    openPR, in reference to a new Juniper report: An “increasingly popular option of deploying threat intelligence security services software is gradually picking up through which enterprises need to participate in an information sharing and analysis center, where industry-specific threat data is shared and then incorporated into local analysis and tools.” FB-ISAO serves as that community-specific facilitator – coordinating and sharing intelligence, analysis and information from our team, partners, members and colleagues to support the community of faith.

    Homeland Security Today: “‘The industry has improved its culture to foster greater information sharing and has had success through the [Information Sharing and Analysis Centers, or] ISACs… Now we need to work with our government partners to continue the process.’ DHS’s Director of the National Risk Management Center, Mr. Bob Kolasky, “asked if information sharing has improved across the federal government, concurred… that more work needed to be done… Across the panel, the experts maintained a positive outlook on improving partnerships between the private industry… and the federal government…”


    As William (Bill) Flynn, President, GARDA Risk Management, LLC and FB-ISAO Advisory Board member stated last year “Faith-based organizations provide a sanctuary to those in need, but they often lack the foundational capabilities – information sharing, situational awareness and analysis – needed to make informed risk management decisions in today’s dynamic threat environment. FB-ISAO is a trusted partner and addresses those gaps with resources to ensure the resilience of religious organizations.”


    Our next blog will highlight another important aspect of a successful ISAO – Working Groups.

    Learn more about FB-ISAO, our membership programs, and join us in enhancing the threat and risk awareness, security, preparedness, and resilience of our Nation’s Community of Faith!

  • A Message to the Community of Faith, from the DHS Assistant Director of Infrastructure Security

    “The core mission of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is to collaborate with public and private sector stakeholders to develop and disseminate resources that support risk mitigation. In partnership with entities such as the Faith-Based Information Sharing and Analysis Organization (ISAO), we provide resources that assist in securing physical and cyber infrastructure. I commend all of you for being members of the Faith-Based ISAO as it demonstrates the importance you place on partnership, information sharing, and risk-mitigation; all of which support achieving the pinnacle of security practices.”

    The above is an excerpt from a letter written by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Assistant Director of Infrastructure Security, Mr. Brian Harrell.

    Please read the entirety of Director Harrell’s letter below. In addition to the letter, CISA wanted to make sure FB-ISAO members are familiar with a valuable new resource, the Securing Soft Targets and Crowded Places Resource Guide. “Soft Targets and Crowded Places (ST-CPs)… are locations that are easily accessible to large numbers of people and that have limited security or protective measures in place making them vulnerable to attack. DHS has been working for many years to address ST-CP security and preparedness, with recent shifts in the threat landscape calling for renewed departmental focus on leveraging and maximizing its ST-CP security authorities, capabilities, and resources in an integrated and coordinated manner.” Access those resources below, and see the Resources tab on this website for more.

    Attachment (Size)
    • Security of Soft Targets and Crowded Places Resource Guide (4.62 MB)
    • Soft Targets and Crowded Places Security Plan Overview (698.37 KB)

    Assistant Director Brian Harrell

    “please know that the U.S. Department of Homeland Security is dedicated to maintaining a strong partnership with the faith-based community and that we value your partnership.” – Assistant Director Harrell

    Through relationships with leaders and organizations, such as Assistant Director Harrell and CISA, with the Federal Bureau of Investigation, state and local fusion centers, and other public sector partners, we will continue to grow our private-public collaboration, and the continued awareness, preparedness, security, and resilience of the American community of faith. Please read the entirety of Assistant Director Harrell’s letter, above, and thank you for your commitment to building a stronger, more prepared nation.

  • Looking Forward to 2019!

    The Faith-Based Information Sharing and Analysis Organization staff and Board of Advisors have accomplished a lot in 2018:

    • We registered as a non-profit in the state of Virginia in June
    • We formed our Board of Advisors in August
    • We established initial operating capabilities in September
    • We began distribution of the Faith-Based Daily Journal (FBJ) and our routine weekly and monthly reports in September
    • Our membership lists doubled between June and December
    • We held three meetings with our Board of Advisors
    • We attended one national and one local faith-based-focused event

    In December, we spent a good deal of time planning our next steps. We planned out some goals for 2019:

    • Continue to grow our membership
    • Increase our Advisory Board Members (with an emphasis on diversification and representation from multiple faiths)
    • Develop and roll out our membership portal which will be a one-stop shop for membership registration and vetting and serve as an information repository
    • Continue to enhance and disseminate our push products, including new products
    • Get our members involved in working groups
    • Educate our members on how to collaborate together
    • Host recurring hostile events / active assailant education and preparedness education via webinar

    2018 was all about forming the organization. We couldn’t have done that without the help and guidance of our awesome Board of Advisors! 2019 is going to be about continuing to provide our membership with products that serve to inform threat and risk understanding, security, and resilience. We will also roll out new collaboration capabilities for our members and partners and we will design, develop and conduct regional workshops around the country to further bolster community preparedness. We are excited for 2019 to get here!
